Malware.AI.1726462524 removal

Malware.AI.1726462524 is the Malwarebytes detection name for this sample; most other engines classify it as a trojan, adware or a browser start-page hijacker (see the detection names below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Malware.AI.1726462524 do?

The following are the CAPE sandbox signatures that fired on this sample, mixing static checks on the binary with behaviour observed while it ran:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • Reads data out of its own binary image
  • Attempts to modify Internet Explorer's start page
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.1726462524?

File Info (as reported by the CAPEv2 sandbox that analysed the sample):

name: 1B9D88B2FB59EB8186DC.mlw
path: /opt/CAPEv2/storage/binaries/facf25d399aeaa0db5c27cf18289faa545d7a404ab357a4cfa64ef620d25a9fc
crc32: 096445B5
md5: 1b9d88b2fb59eb8186dc8e8aa2e86820
sha1: 9368dcd986b9f95357d9b6b286d32c738e5106e2
sha256: facf25d399aeaa0db5c27cf18289faa545d7a404ab357a4cfa64ef620d25a9fc
sha512: 17c91a2ecc920008bf598710584a83d44534112ac8e31f4c708c6ac4e8dcaf9712da6194bb8c7c56af7f570d7fc36e6d9feb0af6cab32080522d544916837c84
ssdeep: 49152:E37UgnJTH1BLISEiI3OiNe9RR+Jvgkbr9HBr1zoMtlrt0XnQJj0PE39QMluFBFKU:6g6JTH1BLISTI+9n+JYkbrBBho0lrt0L
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T142D5332B0691751CF1AF9CB1AB5EFCD4175630030A6734B0AE06C0E4D9BA9D7F6A634B
sha3_384: 2080ae86afd34faece9c1aebac7a25f0df6b85b16f4dcdabe987e4bc03468b93bdd06132546746d290717f553d4c4c46
ep_bytes: 60be001052008dbe0000eeff5783cdff (pushad; mov esi,0x521000; lea edi,[esi-0x120000]; push edi; or ebp,-1: the standard UPX 32-bit entry stub, consistent with the UPX finding above)
timestamp: 2021-12-09 17:33:02

Version Info:

FileVersion: 10.18.1.0
FileDescription: MySkin LOL
ProductName: MySkin
ProductVersion: 10.18.1.0
CompanyName: sky
LegalCopyright: sky的版权所有 (Chinese: "copyright held by sky")
Comments: MySkin LOL
Translation: 0x0804 0x04b0 (LANGID 0x0804 = Chinese, Simplified/PRC; code page 0x04b0 = 1200, Unicode; this is where the "Chinese (Simplified)" signatures above come from)
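The static indicators in the signature list above (UPX packing, an unknown section name, Simplified-Chinese resources) can be reproduced without a sandbox. The following is an added example, not CAPE's or GridinSoft's code: a dependency-free PE32 triage script that checks section names, matches the UPX entry stub at AddressOfEntryPoint and decodes the Translation LANGID. The PE it runs on is constructed in memory for the demonstration (only its entry-point bytes are taken from the ep_bytes field above), and the list of "known" section names is an assumption you should extend for your toolchain.

```python
# Added example, not CAPE's or GridinSoft's code: a dependency-free static
# triage pass that reproduces three of the static indicators reported above
# on any PE32 file - UPX section names, the UPX entry-point stub, and a
# version-resource Translation LANGID of Chinese (Simplified), 0x0804.
# build_sample_pe() constructs a minimal PE in memory for the demonstration;
# only its entry-point bytes are taken from the file info on this page.
import hashlib
import struct
from typing import Dict, List, Optional

PE32_MAGIC = 0x10B
LANG_CHINESE = 0x04                # primary LANGID (low 10 bits)
SUBLANG_CHINESE_SIMPLIFIED = 0x02  # sublanguage (high 6 bits)
# UPX 32-bit entry stub: pushad; mov esi,imm32; lea edi,[esi+imm32]; push edi; or ebp,-1
# '?' marks the two imm32 operands, which differ per binary.
UPX_STUB_PATTERN = "60 be ? ? ? ? 8d be ? ? ? ? 57 83 cd ff"
# Section names treated as ordinary here (assumption; extend for your compilers).
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".tls", ".bss", "CODE", "DATA"}


def match_pattern(data: bytes, pattern: str) -> bool:
    toks = pattern.split()
    return len(data) >= len(toks) and all(
        t == "?" or data[i] == int(t, 16) for i, t in enumerate(toks))


def parse_pe(buf: bytes) -> Dict:
    """Entry-point RVA and section table of a PE32 image (no pefile needed)."""
    if buf[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", buf, 0x3C)[0]          # e_lfanew
    if buf[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", buf, pe_off + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", buf, pe_off + 20)[0]  # SizeOfOptionalHeader
    opt = pe_off + 24
    if struct.unpack_from("<H", buf, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", buf, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = buf[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, raw, ptr = struct.unpack_from("<IIII", buf, off + 8)
        sections.append({"name": name, "va": va, "vsize": vsize, "raw": raw, "ptr": ptr})
    return {"entry_rva": entry_rva, "sections": sections}


def rva_to_offset(pe: Dict, rva: int) -> Optional[int]:
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw"]):
            return rva - s["va"] + s["ptr"]
    return None


def is_simplified_chinese(langid: int) -> bool:
    return (langid & 0x3FF) == LANG_CHINESE and (langid >> 10) == SUBLANG_CHINESE_SIMPLIFIED


def triage(buf: bytes, translation_langid: Optional[int] = None) -> List[str]:
    """Indicator strings that fire on buf. The VS_VERSIONINFO Translation LANGID
    is passed in; a full version-resource parser would extract it from .rsrc."""
    pe = parse_pe(buf)
    hits = []
    names = [s["name"] for s in pe["sections"]]
    if any(n.startswith("UPX") for n in names):
        hits.append("UPX section names present")
    unknown = [n for n in names if n not in KNOWN_SECTIONS]
    if unknown:
        hits.append("unknown PE section name(s): " + ", ".join(unknown))
    ep = rva_to_offset(pe, pe["entry_rva"])
    if ep is not None and match_pattern(buf[ep:ep + 16], UPX_STUB_PATTERN):
        hits.append("UPX entry-point stub at AddressOfEntryPoint")
    if translation_langid is not None and is_simplified_chinese(translation_langid):
        hits.append("version-resource language is Chinese (Simplified)")
    return hits


def file_hashes(buf: bytes) -> Dict[str, str]:
    """The md5/sha1/sha256 triplet used to pivot between file info and AV names."""
    return {a: hashlib.new(a, buf).hexdigest() for a in ("md5", "sha1", "sha256")}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32: UPX0/UPX1/.rsrc sections, entry point in UPX1."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x11000)                            # AddressOfEntryPoint

    def sec(name: str, va: int, vsize: int, raw: int, ptr: int) -> bytes:
        return name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, va, raw, ptr, 0, 0, 0, 0, 0xE0000020)

    secs = (sec("UPX0", 0x1000, 0x10000, 0, 0)
            + sec("UPX1", 0x11000, 0x2000, 0x200, 0x400)
            + sec(".rsrc", 0x13000, 0x1000, 0x200, 0x600))
    header = (dos + coff + bytes(opt) + secs).ljust(0x400, b"\0")
    # ep_bytes from the file info above, placed at the entry point inside UPX1
    upx1 = bytes.fromhex("60be001052008dbe0000eeff5783cdff").ljust(0x200, b"\0")
    return header + upx1 + bytes(0x200)


if __name__ == "__main__":
    sample = build_sample_pe()
    print("sha256:", file_hashes(sample)["sha256"])
    for hit in triage(sample, translation_langid=0x0804):
        print("[!]", hit)
```

To run it on a real file, replace `build_sample_pe()` with `open(path, "rb").read()` and feed the Translation LANGID from your version-info parser; an "unknown section" hit alone is weak evidence, but together with the UPX stub at the entry point it is as conclusive as the sandbox's "compressed using UPX" verdict.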

Malware.AI.1726462524 also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Adware.Win32.Agent.2!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKD.38266274
  • FireEye: Generic.mg.1b9d88b2fb59eb81
  • ALYac: Trojan.GenericKD.38266274
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Adware ( 005848221 )
  • Alibaba: AdWare:Win32/Startpage.019c1652
  • K7GW: Adware ( 005848221 )
  • Cyren: W32/Trojan.CLL.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
  • APEX: Malicious
  • ClamAV: Win.Malware.Generic-9916897-0
  • Kaspersky: not-a-virus:AdWare.Win32.Agent.gen
  • BitDefender: Trojan.GenericKD.38266274
  • Avast: Script:SNH-gen [Trj]
  • Tencent: Malware.Win32.Gencirc.10cf9898
  • Ad-Aware: Trojan.GenericKD.38266274
  • Sophos: Mal/Generic-S + Mal/Agent-AVP
  • Comodo: Packed.Win32.MUPX.Gen@24tbus
  • DrWeb: Trojan.StartPage1.60617
  • Zillya: Adware.Agent.Win32.170932
  • TrendMicro: TROJ_GEN.R002C0DLR21
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
  • Emsisoft: Trojan.GenericKD.38266274 (B)
  • GData: Win32.Trojan.PSE.164P84S
  • Jiangmin: Trojan.Script.auat
  • Avira: TR/Spy.Gen3
  • MAX: malware (ai score=84)
  • Antiy-AVL: Trojan/Generic.ASCommon.FA
  • Gridinsoft: Ransom.Win32.Miner.sa
  • Microsoft: Trojan:Win32/Startpage.AGM
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Malware/Win.Generic.R444729
  • Acronis: suspicious
  • McAfee: GenericRXAA-AA!1B9D88B2FB59
  • VBA32: Adware.Agent
  • Malwarebytes: Malware.AI.1726462524
  • TrendMicro-HouseCall: TROJ_GEN.R002C0DLR21
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/CoinMiner.65CA!tr
  • BitDefenderTheta: Gen:NN.ZexaF.34114.2oMfaentcvlb
  • AVG: Script:SNH-gen [Trj]
  • Cybereason: malicious.2fb59e
  • Panda: Trj/Genetic.gen

How to remove Malware.AI.1726462524?

Malware.AI.1726462524 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Move all detected items to quarantine.
  • Open the "Tools" tab and press "Reset Browser Settings" (to undo the start-page and proxy changes listed above).
  • Select the affected browser and the options you want reset, then click "Reset".
  • Restart your computer.
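Whatever tool performs the cleanup, it is worth confirming by hand that the three persistence and browser changes listed above are gone. The following is an added example, not GridinSoft's tool or the page's original content: a read-only Python check of the Run keys, the Internet Explorer start page and the WinINet proxy values. The suspicious-directory list, the benign start-page prefixes and the sample snapshot are assumptions constructed for the example; `collect()` uses the standard `winreg` module and therefore only works on Windows, while `assess()` runs anywhere on a saved snapshot.

```python
# Added example, not GridinSoft's tool: a read-only check of the registry
# locations the behaviours on this page target (autorun entries, the Internet
# Explorer start page and the WinINet proxy settings), for confirming by hand
# that a cleanup actually undid them.  assess() works on a plain snapshot
# dict so it can be exercised on constructed data; collect() fills such a
# snapshot from the live registry with the standard winreg module (Windows only).
import sys
from typing import Dict, List

RUN_KEYS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
]
IE_MAIN = ("HKCU", r"Software\Microsoft\Internet Explorer\Main")
INET = ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Internet Settings")

# Directories an autorun entry should not normally launch from (assumption for
# this example; tune for the environment).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\programdata\\",
                   "\\users\\public\\", "\\appdata\\roaming\\")
# Start-page prefixes treated as benign here (assumption; add your own portal).
BENIGN_START_PAGES = ("https://go.microsoft.com/fwlink/", "http://go.microsoft.com/fwlink/",
                      "about:blank")

Snapshot = Dict[str, Dict[str, str]]


def _key(hive: str, path: str) -> str:
    return hive + "\\" + path


def collect() -> Snapshot:
    """Read every value under the keys above from the live registry (Windows only)."""
    import winreg
    roots = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    snap: Snapshot = {}
    for hive, path in RUN_KEYS + [IE_MAIN, INET]:
        values: Dict[str, str] = {}
        try:
            with winreg.OpenKey(roots[hive], path) as key:
                i = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, i)
                    except OSError:      # no more values
                        break
                    values[name] = str(data)
                    i += 1
        except OSError:                  # key absent or access denied
            pass
        snap[_key(hive, path)] = values
    return snap


def assess(snap: Snapshot) -> List[str]:
    """Human-readable findings for the autorun, start-page and proxy behaviours."""
    findings = []
    for hive, path in RUN_KEYS:
        for name, cmd in snap.get(_key(hive, path), {}).items():
            if any(d in cmd.lower() for d in SUSPICIOUS_DIRS):
                findings.append(f"autorun {hive}\\...\\Run\\{name} launches {cmd}")
    start = snap.get(_key(*IE_MAIN), {}).get("Start Page", "")
    if start and not start.lower().startswith(BENIGN_START_PAGES):
        findings.append(f"IE start page set to {start}")
    inet = snap.get(_key(*INET), {})
    if inet.get("ProxyEnable", "0") == "1" and inet.get("ProxyServer"):
        findings.append(f"proxy enabled: {inet['ProxyServer']}")
    if inet.get("AutoConfigURL"):
        findings.append(f"proxy auto-config script: {inet['AutoConfigURL']}")
    return findings


# Constructed snapshot (not taken from the sample) showing what hits look like.
SAMPLE_SNAPSHOT: Snapshot = {
    _key(*RUN_KEYS[0]): {
        "OneDrive": r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
        "updater": r"C:\Users\u\AppData\Local\Temp\updater.exe",
    },
    _key(*IE_MAIN): {"Start Page": "http://start.example/?src=ms"},
    _key(*INET): {"ProxyEnable": "1", "ProxyServer": "proxy.example:8080"},
}

if __name__ == "__main__":
    snapshot = collect() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for finding in assess(snapshot) or ["no findings"]:
        print(finding)
```

Run it once before the cleanup and once after the restart; an empty result the second time is the confirmation the vendor's "Reset Browser Settings" step is meant to provide. HKLM\...\Run needs an elevated prompt to read on some systems, which the script reports as an empty key rather than failing.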

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
